[regression] symlink and hardlink restrictions default to off

Bug #1084192 reported by Steve Beattie
Affects           Status        Importance   Assigned to    Milestone
linux (Ubuntu)    Fix Released  High         Tim Gardner
  Raring          Fix Released  High         Tim Gardner

Bug Description

The raring kernel as of linux-image-3.7.0-3-generic 3.7.0-3.9 now defaults to having the kernel's symlink and hardlink protections off:

  $ sudo cat /proc/sys/fs/protected_hardlinks
  0
  $ sudo cat /proc/sys/fs/protected_symlinks
  0

This is a regression from quantal as documented by the https://wiki.ubuntu.com/Security/Features page. It was introduced by the upstream commit 561ec64ae67ef25cac8d72bb9c4bfc955edfd415 which modified the default settings.

(As an aside, this regression was caught using the tests from the lp:qa-regression-testing test script for kernel security features, test-kernel-security.py.)

ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: linux-image-3.7.0-3-generic 3.7.0-3.9
ProcVersionSignature: Ubuntu 3.7.0-3.9-generic 3.7.0-rc6
Uname: Linux 3.7.0-3-generic i686
ApportVersion: 2.6.2-0ubuntu5
Architecture: i386
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/by-path', '/dev/snd/controlC0', '/dev/snd/pcmC0D0c', '/dev/snd/pcmC0D0p', '/dev/snd/pcmC0D1c', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found.
Date: Wed Nov 28 10:12:36 2012
HibernationDevice: RESUME=UUID=afae8fc4-3e27-4a33-a0a0-ff1e06d48a0f
InstallationDate: Installed on 2012-11-27 (0 days ago)
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release i386 (20121017.2)
IwConfig:
 lo no wireless extensions.

 eth0 no wireless extensions.
Lsusb:
 Bus 001 Device 002: ID 80ee:0021 VirtualBox USB Tablet
 Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
MachineType: innotek GmbH VirtualBox
MarkForUpload: True
ProcEnviron:
 TERM=screen
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcFB: 0 VESA VGA
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.7.0-3-generic root=UUID=d9e76b3a-75d0-4db4-be19-69cb4a338ea7 ro quiet splash vt.handoff=7
PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon.
RelatedPackageVersions:
 linux-restricted-modules-3.7.0-3-generic N/A
 linux-backports-modules-3.7.0-3-generic N/A
 linux-firmware 1.97
RfKill:

SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 12/01/2006
dmi.bios.vendor: innotek GmbH
dmi.bios.version: VirtualBox
dmi.modalias: dmi:bvninnotekGmbH:bvrVirtualBox:bd12/01/2006:svninnotekGmbH:pnVirtualBox:pvr1.2:
dmi.product.name: VirtualBox
dmi.product.version: 1.2
dmi.sys.vendor: innotek GmbH
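As an added example (not part of the bug report or the Ubuntu kernel tree), the following POSIX shell script checks the two knobs the report is about and says how to re-enable them. With fs.protected_symlinks=1 the kernel refuses to follow a symlink in a world-writable sticky directory such as /tmp unless the process's uid matches the link's owner or the directory's owner; with fs.protected_hardlinks=1 a user may only hardlink files they own or have read and write access to. The script reads the live values from /proc/sys/fs by default; the make_fake_sysfs helper and the --demo mode are assumptions of this example that build constructed stand-in directories, so the check logic can be exercised without root or a 3.7 kernel.

```shell
#!/bin/sh
# Added example, not part of the bug report: verify the VFS link-restriction
# sysctls that this regression reset to 0, and say how to re-enable them.

# read_knob DIR NAME: print the integer in DIR/NAME, or "missing" if absent.
read_knob() {
    if [ -r "$1/$2" ]; then
        tr -d '[:space:]' < "$1/$2"
    else
        printf 'missing'
    fi
}

# check_link_protection [DIR]: DIR defaults to the live /proc/sys/fs.
# Exit status 0 = both protections on, 1 = at least one is 0 (the regressed
# state reported above), 2 = a knob is absent (pre-3.6 kernel or feature
# compiled out).
check_link_protection() {
    dir="${1:-/proc/sys/fs}"
    disabled=0
    missing=0
    for knob in protected_symlinks protected_hardlinks; do
        val=$(read_knob "$dir" "$knob")
        case "$val" in
            1) printf 'fs.%s = 1 (enabled)\n' "$knob" ;;
            0) printf 'fs.%s = 0 (DISABLED; re-enable: sysctl -w fs.%s=1)\n' "$knob" "$knob"
               disabled=1 ;;
            *) printf 'fs.%s: %s\n' "$knob" "$val"
               missing=1 ;;
        esac
    done
    [ "$missing" -eq 0 ] || return 2
    [ "$disabled" -eq 0 ] || return 1
    return 0
}

# make_fake_sysfs DIR SYMLINKS HARDLINKS: build a constructed stand-in for
# /proc/sys/fs (assumed helper, for exercising the check without root).
make_fake_sysfs() {
    mkdir -p "$1"
    printf '%s\n' "$2" > "$1/protected_symlinks"
    printf '%s\n' "$3" > "$1/protected_hardlinks"
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    make_fake_sysfs "$tmp/quantal" 1 1            # expected Ubuntu default
    make_fake_sysfs "$tmp/raring-3.7.0-3" 0 0     # state reported in this bug
    for d in "$tmp/quantal" "$tmp/raring-3.7.0-3"; do
        echo "== $d"
        check_link_protection "$d" || echo "exit status: $?"
    done
    rm -rf "$tmp"
else
    check_link_protection || echo "exit status: $?"
fi
```

Run it with no arguments on the machine under test; a non-zero exit status is the regressed state. To make the fix persistent across reboots rather than relying on the kernel's compiled-in default, the two values can be put in a drop-in under /etc/sysctl.d (file name is your choice) and loaded with sysctl --system.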

Revision history for this message
Steve Beattie (sbeattie) wrote :
Revision history for this message
Joseph Salisbury (jsalisbury) wrote :

Added to kernel-team hot list.

Changed in linux (Ubuntu):
importance: Undecided → High
tags: added: bot-stop-nagging kernel-key
Changed in linux (Ubuntu):
status: New → Triaged
Revision history for this message
Joseph Salisbury (jsalisbury) wrote :

Should this be changed to "Public Security" or "Private Security"?

Tim Gardner (timg-tpi)
Changed in linux (Ubuntu Raring):
assignee: nobody → Tim Gardner (timg-tpi)
status: Triaged → In Progress
information type: Public → Public Security
Revision history for this message
Kees Cook (kees) wrote :

Please just carry a revert for 561ec64ae67ef25cac8d72bb9c4bfc955edfd415. That's the easiest fix.

Tim Gardner (timg-tpi)
Changed in linux (Ubuntu Raring):
status: In Progress → Fix Committed
tags: removed: kernel-key
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.7.0-5.13

---------------
linux (3.7.0-5.13) raring; urgency=low

  [ Lino Sanfilippo ]

  * SAUCE: inotify, fanotify: replace fsnotify_put_group() with
    fsnotify_destroy_group()
    - LP: #922906
  * SAUCE: fsnotify: introduce fsnotify_get_group()
    - LP: #922906
  * SAUCE: fsnotify: use reference counting for groups
    - LP: #922906
  * SAUCE: fsnotify: take groups mark_lock before mark lock
    - LP: #922906
  * SAUCE: fanotify: add an extra flag to mark_remove_from_mask that
    indicates whether a mark should be destroyed
    - LP: #922906
  * SAUCE: fsnotify: use a mutex instead of a spinlock to protect a groups
    mark list
    - LP: #922906
  * SAUCE: fsnotify: pass group to fsnotify_destroy_mark()
    - LP: #922906
  * SAUCE: fsnotify: introduce locked versions of fsnotify_add_mark() and
    fsnotify_remove_mark()
    - LP: #922906
  * SAUCE: fsnotify: dont put marks on temporary list when clearing marks
    by group
    - LP: #922906
  * SAUCE: fsnotify: change locking order
    - LP: #922906

  [ Tim Gardner ]

  * [Config] CONFIG_NFC_LLCP=y
  * [Config] get-firmware: Filter new files through fwinfo
  * [Config] CONFIG_MTD_NAND_DOCG4=m for all arches
  * [Config] CONFIG_DRM_EXYNOS_HDMI=y
  * [Config] CONFIG_XEN=y for all arches
  * [Config] CONFIG_SND_OMAP_SOC_ZOOM2=m
  * [Config] CONFIG_MMC_DW_EXYNOS=m
  * [Config] CONFIG_GPIO_ADNP=m
  * [Config] find-obsolete-firmware: Use correct path
  * rebase to v3.7-rc8
    - LP: #1084640

  [ Upstream Kernel Changes ]

  * Revert "VFS: don't do protected {sym,hard}links by default"
    - LP: #1084192
 -- Tim Gardner <email address hidden> Wed, 28 Nov 2012 16:07:08 +0000

Changed in linux (Ubuntu Raring):
status: Fix Committed → Fix Released
Revision history for this message
Adam Conrad (adconrad) wrote : Update Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This report contains Public Security information  
Everyone can see this security related information.
